You can set Cross Origin Resource Sharing (CORS) for objects in buckets through the COS console. COS supports configuring multiple rules to respond to OPTIONS requests. CORS is a mechanism that allows resources at one origin to be requested from another origin through HTTP requests. Origins are deemed different from each other as long as their protocols, domain names, or ports are different.
COS supports response to OPTIONS requests for CORS, and returns specific rules set by developers to browsers, but the server does not verify whether subsequent cross-origin requests conform to the rules. For more information, please see Cross-Origin Resource Sharing and Setting Cross-Origin Access.
Log in to the COS console and click Bucket List in the left sidebar to go to the bucket list page. Then click the bucket of the object for which you want to set CORS.
Choose Security Management -> CORS (Cross-Origin Resource Sharing). In the CORS (Cross-Origin Resource Sharing) area, click Add a Rule.
Configure the rule information (parameters marked with * are required). The parameters are described as follows:
Origin: domain names allowed for cross-origin requests.
http://*.abc.com, are supported. Note that each line can contain only one asterisk (*).
https. If the port is not the default 80, the port should also be specified.
Allow-Methods: GET, PUT, POST, DELETE, and HEAD are supported. Enumeration of one or more methods is allowed for a cross-origin request.
Allow-Headers: notifies the server about which custom HTTP request headers are allowed for subsequent requests when an OPTIONS request is sent, such as
*, meaning that all headers are allowed.
Access-Control-Request-Headersmust correspond to a value in
Expose-Headers: request headers commonly used in COS. For more information, please see Common Request Headers. Set this parameter according to the specific application requirements. ETag is recommended. Headers do not allow wildcards and are case insensitive. You can set multiple headers, with one header per line.
Max-age: validity period (in seconds) of the results obtained by OPTIONS. The value must be a positive integer, such as 600.
After configuration, click Confirm and you will see the CORS rule added. To modify it, click Edit.